<?


/*
*
*   Excalibur Content Management System
*   Copyright © 2008 Egor "Sontan" Kuryanovich
*
*   Based on Explay Engine v2.0 by Golovdinov Alexander
*
*   Official site: www.excms.ru
*   Contact e-mail: support@excms.ru
*
*   GNU General Public License original source:
*   http://www.gnu.org/licenses/gpl-3.0.html
*
*/


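// This endpoint answers AJAX calls with an HTML fragment. header() replaces an
// earlier header of the same name by default, so the former
// "Content-type: text/javascript" line never took effect and has been dropped;
// the type actually sent is unchanged.
header('Content-type: text/html; charset=utf-8');
// The response is only produced for admins/moderators: keep it out of browser and proxy caches.
header("Cache-Control: no-store, no-cache, must-revalidate");
// Second argument false appends this directive instead of replacing the one above.
header("Cache-Control: post-check=0, pre-check=0", false);

// Flag set before the engine files are included.
// NOTE(review): presumably the included files test it to refuse direct access — confirm in /engine.
$EXCMS = "work";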

include $_SERVER['DOCUMENT_ROOT']."/engine/settings.php";
include $_SERVER['DOCUMENT_ROOT']."/engine/functions.php";
include $_SERVER['DOCUMENT_ROOT']."/engine/mysql.class.php";

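// Open the database connection. NOTE(review): the four credentials are not defined
// in this file; presumably they come from engine/settings.php.
$db = new DB($server, $dbusername, $dbpassword, $dbname);
$db->connect();

// Cookie-based authentication: look up the user whose login/password columns
// match the two cookies. $GLOBAL_USER is only set when exactly one row matches.
//
// NOTE(review): the 'pass' cookie is compared directly with user_password, so the
// stored value itself acts as the credential. A server-side session with a random
// identifier (HttpOnly/Secure cookie) would avoid exposing a reusable secret to
// the browser. This needs a change in the login code, not only here.
if (isset($_COOKIE['login'], $_COOKIE['pass'])
	// Cookies sent as arrays (login[]=...) must not reach the string escaper.
	&& is_string($_COOKIE['login']) && is_string($_COOKIE['pass'])
	&& $_COOKIE['login'] != "false" && $_COOKIE['pass'] != "false") {
	// Escape with the driver's own routine (same default link that the
	// mysql_query() call below relies on) instead of addslashes(), which does
	// not know the connection character set.
	$GLOBAL_USER_LOGIN = mysql_real_escape_string($_COOKIE['login']);
	$GLOBAL_USER_PASS = mysql_real_escape_string($_COOKIE['pass']);
	// '@' keeps driver warnings out of the AJAX response; a failed query is
	// handled by the falsy check on $SELECT_USER below.
	$SELECT_USER = @mysql_query ("SELECT * FROM ".DB_PEREFIX."_users WHERE user_login = '$GLOBAL_USER_LOGIN' && user_password = '$GLOBAL_USER_PASS'");
	if ($SELECT_USER && $db->num_rows ($SELECT_USER) == 1) {
		$GLOBAL_USER = $db->fetch_array ($SELECT_USER);
	}
}

// Authorisation gate: nothing below runs for ordinary users or anonymous requests.
// NOTE(review): this endpoint changes data on POST and authenticates by cookie only;
// no anti-CSRF token is checked in this file — confirm one is enforced elsewhere or add one.
if (!is_admin() && !is_moderator()) exit ("У вас не прав на редактирование!");

// A scalar comment id is mandatory; an array value would otherwise be turned into 1 by intval().
if (!isset($_POST['com_id']) || is_array($_POST['com_id'])) exit ("Не задан номер комментария!");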

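// com_id is forced to an integer, so it is safe to interpolate into the SQL
// statements and into the onclick handlers of the form below.
$id = intval ($_POST['com_id']);

// The action flags arrive as the literal string "true"; a missing key or an
// array value counts as "off" (and no longer raises an undefined-index notice).
$want_exit = isset($_POST['exit']) && $_POST['exit'] === "true";
$want_save = isset($_POST['save']) && $_POST['save'] === "true";

// "Cancel" in the inline editor: send the stored comment back for re-display.
if ($want_exit) {
	$com = $db->fetch_array ($db->query ("SELECT com_text FROM ".DB_PEREFIX."_comments WHERE com_id = '$id'"));
	// NOTE(review): n2br() is defined elsewhere; confirm that it HTML-escapes
	// com_text (or that com_text is stored already escaped). If neither holds,
	// this print is a stored-XSS sink.
	print n2br ($com['com_text']);
	exit;
}

// "Save": store the edited text, then show the result.
if ($want_save) {
	$body = (isset($_POST['com_body']) && is_string($_POST['com_body'])) ? $_POST['com_body'] : "";
	// Where magic_quotes_gpc is still active the input is already slashed; undo
	// that so the value is escaped exactly once, by the driver, below.
	// NOTE(review): if the engine files emulate magic quotes themselves, adjust this.
	if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) $body = stripslashes($body);

	if ($body === "") print "<font color='red'>Ошибка: пустое поле не может быть сохранено!</font><br />";
	else {
		// The text used to be concatenated into the UPDATE unescaped, which let a
		// quote in the comment body alter the statement. Escape AFTER the charset
		// conversion so that the bytes actually sent to MySQL are the ones escaped.
		$safe_body = mysql_real_escape_string (utf2win ($body));
		$update = $db->query ("UPDATE ".DB_PEREFIX."_comments SET com_text = '".$safe_body."' WHERE com_id = '$id'");
		if ($update) {
			print "<font color='green'>Комментарий сохранен!</font><br />";
			// Re-read through $db like every other query in this script.
			$com = $db->fetch_array ($db->query ("SELECT com_text FROM ".DB_PEREFIX."_comments WHERE com_id = '$id'"));
			// Same n2br() escaping caveat as in the cancel branch above.
			print n2br($com['com_text']);
			exit;
		}
		else print "<font color='red'>Ошибка БД!</font><br />";
	}
}

// Default action (also reached after a failed save): render the edit form.
$get_com = $db->query ("SELECT com_text FROM ".DB_PEREFIX."_comments WHERE com_id = '$id'");
if ($db->num_rows($get_com) == 0) exit ("Ошибка БД или нет такого комментария!");

$com = $db->fetch_array ($get_com);
// Escape for the <textarea> body so a comment containing "</textarea>" or markup
// cannot break out of the field; the browser decodes the entities again, so the
// editor still shows the original text. A single-byte charset is named on purpose:
// only & < > " ' are rewritten and every byte >= 0x80 passes through untouched,
// whatever encoding the stored text really uses.
$text = htmlspecialchars ($com['com_text'], ENT_QUOTES, 'cp1251');

print "<form method='POST' name='edit_form' style='margin:0px'>
<textarea name='com_body' id='edit_com_body' style='width:100%;' row='4'>$text</textarea><br />
<input type='button' onclick='exit(\"$id\");' class='button' value='отменить'> <input type='button' onclick='save(\"$id\");' class='button' value='сохранить'>
</form>";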

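/**
 * Convert a UTF-8 string to Windows-1251 (cp1251), one byte at a time.
 *
 * Only ASCII and two-byte UTF-8 sequences are understood:
 *  - ASCII bytes are copied through unchanged;
 *  - U+0410..U+044F map to 0xC0..0xFF, U+0401 to 0xA8 and U+0451 to 0xB8;
 *  - any other two-byte code point becomes "?". The previous code passed
 *    new_i-848 straight to chr(), which keeps only the low 8 bits, so such
 *    input could come out as arbitrary bytes, ASCII punctuation included;
 *  - a lead byte that is not followed by a continuation byte is dropped
 *    instead of being combined with whatever byte comes next;
 *  - stray continuation bytes and the bytes of 3/4-byte sequences are
 *    skipped, as before.
 *
 * The result is still untrusted text: apply SQL/HTML escaping to the return
 * value, never to the argument before conversion.
 *
 * @param string $s UTF-8 input
 * @return string cp1251 bytes ('' for empty input)
 */
function utf2win ($s) {
    $out = '';          // was uninitialised: empty input returned NULL with a notice
    $lead = 0;          // first byte of the two-byte sequence being assembled
    $pending = false;   // true while a lead byte waits for its continuation byte
    $len = strlen($s);  // hoisted out of the loop condition

    for ($c = 0; $c < $len; $c++) {
        $i = ord($s[$c]);

        if ($i <= 127) $out .= $s[$c];

        if ($pending) {
            $pending = false;
            // Decode only when this really is a continuation byte (10xxxxxx).
            if (($i & 0xC0) == 0x80) {
                $code = (($lead & 0x1F) << 6) | ($i & 0x3F);
                if ($code == 1025) {
                    $out .= chr(168);          // U+0401
                } elseif ($code == 1105) {
                    $out .= chr(184);          // U+0451
                } elseif ($code >= 1040 && $code <= 1103) {
                    $out .= chr($code - 848);  // U+0410..U+044F -> 0xC0..0xFF
                } else {
                    $out .= '?';               // no mapping handled by this function
                }
            }
        }

        // 110xxxxx: lead byte of a two-byte sequence.
        if (($i >> 5) == 6) {
            $lead = $i;
            $pending = true;
        }
    }

    return $out;
}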

